LANs connected to a given VPN gateway must all belong to the same Virtual Datacenter (VDC).
Currently, only static routing is supported; dynamic routing and Border Gateway Protocol (BGP) routing are not available.
Interface IP is not DHCP aware. Ensure that you use private LAN IP addresses that are not already assigned via DHCP or are outside the DHCP range (.2-.10).
Tunnel endpoint and Gateway IP addresses are IPv4 only.
PSK and keypairs are not auto-created by the product. Hence, ensure that you provide them wherever necessary.
Remember to delete the VPN gateway before deleting the connected VDC.
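The addressing limitations above can be checked before a gateway is created. The following is an added example, not IONOS code: the function name and sample addresses are hypothetical, and it assumes the DHCP range (.2-.10) means host numbers 2 through 10 counted from the LAN's network address.

```python
import ipaddress

# DHCP range from the page (.2-.10), read here as host numbers counted from
# the LAN's network address (assumption of this example).
DHCP_FIRST, DHCP_LAST = 2, 10


def check_gateway_addresses(gateway_ip, lan_cidr, interface_ip):
    """Return a list of problems; an empty list means every check passed."""
    problems = []

    # Tunnel endpoint and gateway IP addresses are IPv4 only.
    try:
        if ipaddress.ip_address(gateway_ip).version != 4:
            problems.append(f"gateway IP {gateway_ip} is not IPv4")
    except ValueError:
        problems.append(f"gateway IP {gateway_ip!r} is not an IP address")

    try:
        lan = ipaddress.ip_network(lan_cidr, strict=True)
        iface = ipaddress.ip_address(interface_ip)
    except ValueError as exc:
        problems.append(f"invalid LAN or interface address: {exc}")
        return problems

    # The interface must use a private address that belongs to the LAN.
    if not iface.is_private:
        problems.append(f"interface IP {iface} is not a private address")
    if iface not in lan:
        problems.append(f"interface IP {iface} is not inside LAN {lan}")
        return problems

    # The interface is not DHCP aware, so it must stay out of the DHCP range.
    host = int(iface) - int(lan.network_address)
    if DHCP_FIRST <= host <= DHCP_LAST:
        problems.append(f"interface IP {iface} is inside the DHCP range (.2-.10)")
    elif iface in (lan.network_address, lan.broadcast_address):
        problems.append(f"interface IP {iface} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for iface_ip in ("10.7.222.5", "10.7.222.11"):
        print(iface_ip, check_gateway_addresses("203.0.113.10", "10.7.222.0/24", iface_ip))
```

The check covers only the fixed range; an address outside it that a DHCP server has already leased still has to be ruled out separately.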
WireGuard is a modern VPN protocol known for its simplicity and efficiency. It aims to provide a faster and more secure VPN solution compared to traditional protocols like IPSec. Key features include:
Primary Function: Establishes secure point-to-point connections over the internet, using state-of-the-art cryptography.
Importance for VPN Solutions: WireGuard is important due to its simplicity, high performance, and strong security features. It offers fast connection times and efficient use of network resources.
IPSec is a suite of protocols used to secure internet communications by authenticating and encrypting each IP packet of a communication session. It includes protocols like Authentication Header (AH) and Encapsulating Security Payload (ESP). Key features include:
Primary Function: Provides secure communication channels between devices over the internet, ensuring data confidentiality, integrity, and authentication.
Importance for VPN Solutions: IPSec is widely used in enterprise environments for its robust security capabilities, scalability, and compatibility across different platforms.
| Feature | WireGuard | IPSec |
| --- | --- | --- |
| Security | Uses modern cryptographic techniques like ChaCha20 for encryption and Curve25519 for key exchange. | Offers strong encryption standards (AES, DES) and authentication methods (SHA-256). |
| Performance | Lightweight design results in faster connection times and lower overhead. | May have higher overhead due to encapsulation and additional protocol layers. |
| Ease of Use | Simple configuration and fewer lines of code make setup and management easier. | Configuration can be complex, especially for setting up tunnels and policies. |
| Suitability | Ideal for environments prioritizing speed, simplicity, and efficient resource usage. | Suitable for large organizations needing robust security, scalability, and compliance with standards. |
| Scalability | Handles dynamic IP addresses and changing networks more effectively. | Offers scalable solutions with support for complex network topologies and large-scale deployments. |
Security: Both protocols offer strong security features, but WireGuard is praised for its simplicity and modern cryptographic approach.
Performance: WireGuard typically outperforms IPSec in terms of connection speed and resource efficiency.
Ease of Use: WireGuard is easier to set up and manage due to its minimalist design and straightforward configuration.
Suitability for Large Organizations: IPSec is well-suited for large enterprises requiring extensive scalability, compliance, and robust security measures.
Choose WireGuard if you prioritize simplicity, speed, and efficient resource usage. Opt for IPSec if you need extensive scalability, compatibility with existing infrastructure, and adherence to industry standards.
Secure Connectivity: Establishes encrypted tunnels using industry-standard VPN protocols (IPsec and WireGuard) to ensure secure data transmission. Supports various authentication methods, including certificates and pre-shared keys, providing flexibility in securing connections. Utilizes strong encryption algorithms such as AES-256 to protect data in transit.
Connection Stability: Implements redundancy and failover mechanisms to maintain continuous connectivity. Supports dynamic scaling to adjust to varying network demands, allowing for seamless addition or removal of VPN connections without service interruption.
Scalability: Supports scalable VPN configurations to accommodate growing network demands and increasing traffic. Customizable bandwidth settings optimize performance for different applications and services.
Improved Security: Ensures all transmitted data is encrypted, protecting against unauthorized access and cyber threats. Helps meet regulatory compliance requirements by securing sensitive data in transit.
Cost Efficiency: Reduces the need for costly hardware investments by leveraging cloud-based VPN solutions and scalable pricing models. Minimizes operational costs associated with network maintenance and downtime.
Enhanced Connectivity: Facilitates seamless communication between multiple office locations, partners, and remote sites worldwide. Supports secure remote access for employees, enabling them to connect to corporate resources from any location securely.
Global Reach: Enables organizations to extend network connectivity across different regions without major reconfigurations. Enhances application performance by optimizing latency for cross-region connections.
Reliability: Implements failover mechanisms to ensure high availability and minimize downtime. Distributes traffic across multiple VPN connections to optimize performance and prevent bottlenecks.
Flexibility: Integrates with existing network infrastructure, providing a flexible and scalable solution for diverse connectivity needs. Simplifies management with centralized interfaces for configuration and monitoring of VPN connections.
A VPN Gateway is a critical component in network infrastructure that facilitates secure, encrypted connections between different networks over the internet. It provides robust security features, including strong encryption, to protect data in transit. You can use it to connect on-premises networks to cloud networks or to connect different cloud networks. Organizations can use a VPN Gateway to ensure their sensitive data is transmitted securely over the internet, thus meeting compliance and regulatory requirements.
IONOS VPN Gateway supports IPSec and WireGuard VPN protocols, ensuring secure and reliable communication across geographically dispersed networks via IPSec tunnels or WireGuard peers, respectively. Based on the chosen VPN protocol, it supports multiple VPN tunnels or peers, allowing for scalable and flexible network architectures.
Note: You can set up a maximum of three VPN gateways in each region. To increase the quota for your contract, please contact IONOS Cloud Support.
When a user or a device initiates a connection to a network through a VPN Gateway, the gateway establishes a secure, encrypted tunnel/peer between the user and the target network. This process involves:
Authentication: The user or device is authenticated using certificates or pre-shared keys to ensure only authorized users can access the network.
Encryption: VPN Gateway encrypts data packets using protocols like IPsec or WireGuard to ensure secure transmission over the internet.
Tunneling/Peering: The encrypted data packets are encapsulated within another packet, creating a secure tunnel/peer through which the data travels. This tunnel/peer protects the data from being intercepted or tampered with during transmission.
Routing: VPN Gateway routes the encrypted data packets to the appropriate destination within the target network. Once the data reaches its destination, it is decrypted and delivered to the intended recipient.
Maintaining Connectivity: VPN Gateway continuously monitors the connection to ensure stability and performance. It implements failover mechanisms to switch to backup connections if the primary connection is disrupted, ensuring continuous connectivity.